US4984272A - Secure file handling in a computer operating system - Google Patents


Info

Publication number: US4984272A
Application number: US07/277,630
Authority: US (United States)
Prior art keywords: file, security, read, write, indicator
Legal status: Expired - Lifetime
Inventors: M. Douglas McIlroy, James A. Reeds
Current assignee: Nokia Bell Labs; AT&T Corp
Original assignee: AT&T Bell Laboratories Inc
Priority application: US07/277,630
Assignment record: assigned to Bell Telephone Laboratories, Incorporated (a corp. of NY) and American Telephone and Telegraph Company (a corp. of NY); assignor: Reeds, James A.
Related applications: CA2001863C, EP0371673B1, JP2603344B2
Status: application granted; expired (lifetime)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control

Definitions

  • the invention relates to the field of security in computer systems generally and, in particular, to the control of secure access to files in a computer system by authorized users.
  • Computer security is an encompassing term. It includes many aspects of protecting a computer or computer system. Security issues include system access by unauthorized users or programs and limitation of file access to limited users or groups of users. We are concerned here primarily with the control of access to files.
  • a standard technique of protecting access to files is by means of permissions.
  • every file is associated with a set of READ and WRITE permission bits.
  • there are three sets of such permission bits for each file one set for the owner of a file, one set for members of a group associated with the file, and a final set for all other users of the system.
  • a file owner controls the states of these permission bits.
  • a file owner may prevent others from reading or writing a file by setting the READ, WRITE bits for group members and for all other system users to an unallowed state. Conversely, the file owner might allow all system users total access to a file by setting the READ and WRITE bits associated with all users.
  • the file permission technique works well in any system in which the users are sensitive to security issues and diligently administer the permission bits over which they have control. However, all system users are not always diligent. As such, the permission bit scheme represents a potential weak link in overall system security.
  • a further disadvantage of the permission scheme is that it is necessarily limited in its flexibility.
  • Some systems require many levels of defined security classifications for users and files alike. Military systems are good examples of such systems, in which files may range in levels from unclassified to top secret and be further partitioned in compartments to which the level may apply. Access to such files must be limited to users having appropriate security clearances and the security classifications must follow the files as they move in a system. In such label systems, both files and user processes are assigned security labels.
  • a user process cannot read a file unless the process security label dominates that of the file.
  • by dominate, it is meant that the security label of the process is sufficient to allow access to the file in accordance with the file security label.
  • a process cannot write a file unless the label of the file is at least as high as that of the process.
  • Dynamic labels provide reasonable levels of security while mitigating this suffocating tendency of fixed labels.
  • the dynamic security label method has never been commonly used for two reasons.
  • the new covert channels are generally limited in bandwidth to approximately one bit of information per system call. Thus, attempts to "smuggle" significant amounts of information through such a covert channel are detectable by relatively simple means. Additionally, to use such a channel, the user must already be cleared to use the data.
  • the invention is a method of administering secure access to files of a computer system.
  • First and second security labels are associated with files and processes, respectively.
  • the first security label is compared with the second security label in response to an attempt by the process to read (or write) the file. If the security label of the destination file or process of the read (or write) operation does not dominate the security label of the source file or process, the security label of the destination is dynamically raised sufficiently to dominate the security label of the source.
  • the source and destination of a read operation, for example, are a file and a process, respectively.
  • An indicator associated with this process and with this file is set to a first state representing that the file is safe for this process-file pair after the comparison of process and file security labels.
  • Indicators associated with every other process presently capable of accessing this file are set to a second state representing that the file is unsafe for those process-file pairs.
  • the steps of testing the security labels of a file and a process on a read (or write) operation are omitted when the indicator associated with the process-pair is set to the safe state.
  • the security labels of certain files are assigned a frozen status.
  • the security labels of such files cannot be altered in response to attempted read or write operations. Therefore, an attempt to write a file having frozen status is denied when the security label of the writing process dominates that of the file.
  • This mechanism is used to guarantee that data cannot be written to media external to the system, such as terminals, disk drives, tape drives and the like, unless the security label of the external medium clears the medium for access to the data.
  • the safe/unsafe indicator for each process-file pair actually comprises two indicators, a SAFE-TO-READ indicator and a SAFE-TO-WRITE indicator.
  • the SAFE-TO-READ indicator associated with the pair is set to a safe state on a request to read the file by the process if the security label of the process is found to dominate the security label of the file or if the security label of the process is raised as a result of the read.
  • the SAFE-TO-WRITE indicator associated with the pair is set to a safe state on a request to write the file if the label of the file dominates or is raised.
  • All SAFE-TO-READ indicators for all other processes associated with the file are set to an unsafe state on a request to write the file when the file label is raised, and all SAFE-TO-WRITE indicators for all other files associated with the process are set to an unsafe state on a request to read the file when the process label is raised.
  • FIG. 1 shows the format of an illustrative security label in which one section defines a security level and a second section divides the security level into compartments to which the security level applies;
  • FIG. 2 illustrates the relationship between files, processes, file descriptors and safe-to-read/write bits, which are used to reduce the label verification overhead in an illustrative system used to explain the invention
  • FIG. 3 shows an illustrative flowchart of the verification process for READ operations
  • FIG. 4 shows an illustrative flowchart of the verification process for WRITE operations.
  • file descriptors uniquely identify every instance of a process-file relationship.
  • media external to a system are also represented by files.
  • terminals, disk drives, tape drives and the like are represented internally in the system as files.
  • a write to a terminal is accomplished as a write to the internal file representing the terminal.
  • a further attribute of the UNIX system is its file system which is divided into directories, which again are represented by files. Each directory can consist of ordinary files and other subdirectories, and so on.
  • FIG. 1 introduces the notion of a security label as being associated with a process (p) or with a file (f).
  • the illustrative security label in FIG. 1 is divided into two sections.
  • the first SECURITY LEVEL section stores a numeric representation of an overall security level. This section might consist of three bits and be binary encoded to represent the customary military document classification levels unclassified, confidential, secret and top secret.
  • the second section of FIG. 1, SECURITY COMPARTMENTS further partition the SECURITY LEVEL. These bits might, for example, represent individual countries to which the security level applies. For example, the first two bits of SECURITY COMPARTMENTS might represent countries A and B, respectively.
  • the labels associated with the files and with the processes performing the read and write operations are raised as necessary.
  • a process label is raised to dominate the label of a file being read.
  • on a write operation, a file label is raised to dominate the label of a process performing the write.
  • the security labels associated with external media such as terminals, disk drives, tape drives and the like are frozen and cannot be altered, except by mechanisms having no relationship to the present invention. Thus, an attempt to write to a file representing an external medium having a security label that does not dominate the security label of the writing process is denied.
  • each file (f) that is opened by a process (p) is identified by a unique file descriptor (d). If two separate processes open the same file, each process-file pair is similarly identified by a different file descriptor, even though both processes are using the same file.
  • FIG. 2 illustrates this process-file arrangement.
  • a file (f) and a process (p) are joined by dotted lines to a file descriptor (d).
  • when the process refers to the file, it does so through the operating system by means of the file descriptor.
  • two other indicators are associated with a file descriptor, a SAFE-TO-READ bit and a SAFE-TO-WRITE bit. These bits are shown in FIG. 2 as attached to the file descriptor by means of a solid line.
  • the SAFE bits allow use of the dynamic label security method with acceptable system overhead, as described below.
  • also associated with each file is an indicator FROZEN, as shown in FIG. 2. The state of this indicator identifies whether or not the security label of the file may be raised at read and write time. The use of this file attribute is discussed further below in connection with attempted writes of data to media, such as terminals, that are external to the system.
  • FIG. 3 and FIG. 4 show illustrative flowcharts of algorithms that are executed by the operating system each time a read or a write operation, respectively, is requested by a process.
  • step 300 interrogates the SAFE-TO-READ bit associated with the file descriptor in question. If the SAFE-TO-READ bit is set, this means that the security labels for this process and file have been verified on an earlier read operation and the labels raised, if necessary. The safe state of the bit implies that no further system operation has taken place since that time to invalidate the earlier verification. Thus, if the SAFE-TO-READ bit is set, the algorithm merely exits at 302 and other portions of the operating system, not shown, perform the read operation.
  • Step 304 determines if the label of the file in question is dominated by the label of the process requesting a read. If so, a read of the file by the process is permitted without any further ado. In this case, the SAFE-TO-READ bit is set at step 310 and exit is made at 312 to perform the read operation.
  • step 306 raises the label of the process by an appropriate amount.
  • raising of the process label is performed by logically ORing the present process label with the present file label.
  • at step 308, the operating system searches for and determines all file descriptors (d) that are associated with the present process (p).
  • Step 308 then clears all the SAFE-TO-WRITE bits associated with the found file descriptors. This is necessary since the raising of the security label of the process has rendered future write operations by this process unsafe without reverification.
  • step 310 sets the SAFE-TO-READ bit for this particular file descriptor and exit is made at 312.
  • step 400 interrogates the SAFE-TO-WRITE bit associated with the file descriptor in question. If the SAFE-TO-WRITE bit is set, this means that the security labels for this process and file have been verified on an earlier write operation and the labels raised, if necessary. The safe state of the bit implies that no further system operation has taken place since that time to invalidate the earlier verification. Thus, if the SAFE-TO-WRITE bit is set, the algorithm merely exits at 402 and other portions of the operating system, not shown, perform the write operation.
  • Step 404 determines if the label of the file in question dominates the label of the process requesting a write. If so, a write of the file by the process is permitted without any further ado. In this case, the SAFE-TO-WRITE bit is set at step 414 and exit is made at 416 to perform the write operation.
  • if, at step 404, the security label of the file does not dominate that of the process, the FROZEN indicator of the file is examined. If the label is frozen, the write operation is denied by performing an error return to the operating system at 408. If the file security label is not frozen, step 410 raises the label of the file by an appropriate amount. In this illustrative embodiment, raising of the file label is performed by logically ORing the present file label with the present process label.
  • at step 412, the operating system searches for and determines all file descriptors (d) that are associated with the present file (f).
  • Step 412 then clears all the SAFE-TO-READ bits associated with the found file descriptors. Clearing of the SAFE-TO-READ bits is necessary since the raising of the security label of the file has rendered all future read operations of this file unsafe without reverification.
  • step 414 sets the SAFE-TO-WRITE bit for this particular file descriptor and exit is made at 416 to perform the instant write operation.

Abstract

A method for administering secure access to files of a computer system. For a process-file pair, a first security label associated with the process is compared with a second security label associated with the file in response to a request to read or write the file. If the security label of the destination (file or process) of the read or write operation does not dominate the security label of the source (file or process), the security label of the destination is dynamically raised accordingly. If the security label of the file or process is raised, an indicator associated with this process and with this file is set to a first state representing that the file is safe for this process-file pair. Indicators associated with every other process linked with this file are set to a second state representing that the file is unsafe for those process-file pairs. The steps of testing the security labels of a file and a process on a read or write operation are omitted when the indicator associated with the process-pair is set to the safe state.
The security labels of certain files are assigned a frozen status. The security labels of such files cannot be altered in response to attempted read or write operations. Therefore, an attempt to write a file having frozen status is denied when the security label of the writing process dominates that of the file. This mechanism is used to guarantee that files cannot be written to media external to the system, such as terminals, disk drives, tape drives and the like, unless the security label of the external media clears the media for access to the file.

Description

FIELD OF THE INVENTION
The invention relates to the field of security in computer systems generally and, in particular, to the control of secure access to files in a computer system by authorized users.
TECHNICAL BACKGROUND
Computer security is becoming an increasingly important and urgent issue. As witness to this, consider the present day concern over computer viruses which, if introduced into computer systems, have the ability to read and/or destroy unprotected data. Indeed, a number of such virus attacks have recently received nationwide attention.
Computer security is an encompassing term. It includes many aspects of protecting a computer or computer system. Security issues include system access by unauthorized users or programs and limitation of file access to limited users or groups of users. We are concerned here primarily with the control of access to files. A standard technique of protecting access to files is by means of permissions. In the commercial versions of the UNIX (Registered trademark of AT&T) operating system, for example, every file is associated with a set of READ and WRITE permission bits. In fact, there are three sets of such permission bits for each file, one set for the owner of a file, one set for members of a group associated with the file, and a final set for all other users of the system. A file owner controls the states of these permission bits. Thus, a file owner may prevent others from reading or writing a file by setting the READ, WRITE bits for group members and for all other system users to an unallowed state. Conversely, the file owner might allow all system users total access to a file by setting the READ and WRITE bits associated with all users.
The file permission technique works well in any system in which the users are sensitive to security issues and diligently administer the permission bits over which they have control. However, all system users are not always diligent. As such, the permission bit scheme represents a potential weak link in overall system security. A further disadvantage of the permission scheme is that it is necessarily limited in its flexibility. Some systems require many levels of defined security classifications for users and files alike. Military systems are good examples of such systems, in which files may range in levels from unclassified to top secret and be further partitioned in compartments to which the level may apply. Access to such files must be limited to users having appropriate security clearances and the security classifications must follow the files as they move in a system. In such label systems, both files and user processes are assigned security labels. A user process cannot read a file unless the process security label dominates that of the file. By dominate, it is meant that the security label of the process is sufficient to allow access to the file in accordance with the file security label. Similarly, a process cannot write a file unless the label of the file is at least as high as that of the process.
File access control, including the above permission and labeling methods, is discussed in CRYPTOGRAPHY AND DATA SECURITY, D. Denning, Addison-Wesley, 1982, Chapter 4, pp. 191-258. Also discussed at page 287 of the book is a method commonly referred to as dynamic security labels. In the dynamic security label method, the security labels of files and processes are raised as necessary to allow processes to access files. With such dynamic label methods, some additional form of protection must also be used to prevent ultimate unauthorized leakage of data to destinations external to the system. The dynamic security label method has advantages over fixed label types of methods. Fixed label methods tend to suffocate system users and may in severe cases render flexible and productive use of a system almost impossible. Dynamic labels provide reasonable levels of security while mitigating this suffocating tendency of fixed labels. However, the dynamic security label method has never been commonly used for two reasons. First, it is known that the technique introduces covert channels through which security breaches may occur. This, however, is not a serious problem. The new covert channels are generally limited in bandwidth to approximately one bit of information per system call. Thus, attempts to "smuggle" significant amounts of information through such a covert channel are detectable by relatively simple means. Additionally, to use such a channel, the user must already be cleared to use the data. Second, and more important, the verification of process and file security labels on every read and write operation adds a tremendous amount of overhead to routine system operations. Thus, it is desirable to find ways of reducing this overhead to acceptable levels, thereby allowing advantageous use of the dynamic security label method.
SUMMARY OF THE INVENTION
The invention is a method of administering secure access to files of a computer system. First and second security labels are associated with files and processes, respectively. For a given process-file pair, the first security label is compared with the second security label in response to an attempt by the process to read (or write) the file. If the security label of the destination file or process of the read (or write) operation does not dominate the security label of the source file or process, the security label of the destination is dynamically raised sufficiently to dominate the security label of the source. The source and destination of a read operation, for example, are a file and a process, respectively. An indicator associated with this process and with this file is set to a first state representing that the file is safe for this process-file pair after the comparison of process and file security labels. Indicators associated with every other process presently capable of accessing this file are set to a second state representing that the file is unsafe for those process-file pairs. The steps of testing the security labels of a file and a process on a read (or write) operation are omitted when the indicator associated with the process-pair is set to the safe state.
The security labels of certain files are assigned a frozen status. The security labels of such files cannot be altered in response to attempted read or write operations. Therefore, an attempt to write a file having frozen status is denied when the security label of the writing process dominates that of the file. This mechanism is used to guarantee that data cannot be written to media external to the system, such as terminals, disk drives, tape drives and the like, unless the security label of the external medium clears the medium for access to the data.
In a preferred embodiment, the safe/unsafe indicator for each process-file pair actually comprises two indicators, a SAFE-TO-READ indicator and a SAFE-TO-WRITE indicator. For a given process-file pair, the SAFE-TO-READ indicator associated with the pair is set to a safe state on a request to read the file by the process if the security label of the process is found to dominate the security label of the file or if the security label of the process is raised as a result of the read. Similarly, the SAFE-TO-WRITE indicator associated with the pair is set to a safe state on a request to write the file if the label of the file dominates or is raised. All SAFE-TO-READ indicators for all other processes associated with the file are set to an unsafe state on a request to write the file when the file label is raised, and all SAFE-TO-WRITE indicators for all other files associated with the process are set to an unsafe state on a request to read the file when the process label is raised.
BRIEF DESCRIPTION OF THE DRAWING
In the drawing,
FIG. 1 shows the format of an illustrative security label in which one section defines a security level and a second section divides the security level into compartments to which the security level applies;
FIG. 2 illustrates the relationship between files, processes, file descriptors and safe-to-read/write bits, which are used to reduce the label verification overhead in an illustrative system used to explain the invention;
FIG. 3 shows an illustrative flowchart of the verification process for READ operations; and
FIG. 4 shows an illustrative flowchart of the verification process for WRITE operations.
DETAILED DESCRIPTION
The dynamic security label method described herein has been implemented in a research version of the UNIX operating system (UNIX is a registered trademark of AT&T). The invention is described in terms of this operating system. However, it is understood that this implementation is illustrative of the preferred embodiment and in no way limits applicability of the invention to other operating systems. In the UNIX system, processes (p) operate on files (f). A given file may be associated at any given time with more than one process. Each such process-file relationship is identified by a file descriptor (d). Processes may spawn child processes, i.e., images of themselves. Such child processes inherit certain characteristics of the parent process, such as a process security label. However, new file descriptors are generated for a child process. Thus, file descriptors uniquely identify every instance of a process-file relationship. Another attribute of the UNIX system is that media external to a system are also represented by files. Thus, terminals, disk drives, tape drives and the like are represented internally in the system as files, and a write to a terminal is accomplished as a write to the internal file representing the terminal. A further attribute of the UNIX system is its file system, which is divided into directories, which again are represented by files. Each directory can consist of ordinary files and other subdirectories, and so on.
FIG. 1 introduces the notion of a security label as being associated with a process (p) or with a file (f). The illustrative security label in FIG. 1 is divided into two sections. The first SECURITY LEVEL section stores a numeric representation of an overall security level. This section might consist of three bits and be binary encoded to represent the customary military document classification levels unclassified, confidential, secret and top secret. The second section of FIG. 1, SECURITY COMPARTMENTS, further partitions the SECURITY LEVEL. These bits might, for example, represent individual countries to which the security level applies. For example, the first two bits of SECURITY COMPARTMENTS might represent countries A and B, respectively. With the use of dynamic security labels, as files are read and written within the system, the labels associated with the files and with the processes performing the read and write operations are raised as necessary. On a read operation, a process label is raised to dominate the label of a file being read. On a write operation, a file label is raised to dominate the label of a process performing the write. However, in accordance with one aspect of the invention, the security labels associated with external media such as terminals, disk drives, tape drives and the like are frozen and cannot be altered, except by mechanisms having no relationship to the present invention. Thus, an attempt to write to a file representing an external medium having a security label that does not dominate the security label of the writing process is denied.
As one example of the use of dynamic labels, assume that a process is executing which has an initial security label 011 00. . . (secret security level with no clearance for countries A and B). Assume further that the process creates a new file NEWFILE. The new file initially may be labeled 000 00. . . by default. If the process attempts to write the name of the file into a directory, the security label of the directory is raised, if necessary, to at least that of the process. Now assume that the process reads another file OLDFILE, which, say, is labeled confidential for country A (001 10. . . ). In this case, the process label is raised to the logical union of the labels of the process and the file OLDFILE [(011 00. . .) UNION (001 10. . . ) = (011 10. . . )]. Finally, assume that the process attempts to write OLDFILE to a file associated with an output terminal. If the security label of the file associated with the terminal does not dominate that of OLDFILE, the write is denied. Thus, security is maintained. The security labels of files and processes are raised as necessary for internal operations of the system. At a point when external access is attempted, however, access is denied unless the external access point has the proper authorization.
In the UNIX operating system, each file (f) that is opened by a process (p) is identified by a unique file descriptor (d). If two separate processes open the same file, each process-file pair is similarly identified by a different file descriptor, even though both processes are using the same file. FIG. 2 illustrates this process-file arrangement. In this figure, a file (f) and a process (p) are joined by dotted lines to a file descriptor (d). When the process refers to the file, it does so through the operating system by means of the file descriptor. In accordance with the invention, two other indicators are associated with a file descriptor, a SAFE-TO-READ bit and a SAFE-TO-WRITE bit. These bits are shown in FIG. 2 as attached to the file descriptor by means of a solid line. The SAFE bits allow use of the dynamic label security method with acceptable system overhead, as described below. In accordance with the invention, also associated with each file is an indicator FROZEN, as shown in FIG. 2. The state of this indicator identifies whether or not the security label of the file may be raised at read and write time. The use of this file attribute is discussed further below in connection with attempted writes of data to media, such as terminals, that are external to the system.
FIG. 3 and FIG. 4 show illustrative flowcharts of algorithms that are executed by the operating system each time a read or a write operation, respectively, is requested by a process. In FIG. 3, when a read operation is requested by a process, step 300 interrogates the SAFE-TO-READ bit associated with the file descriptor in question. If the SAFE-TO-READ bit is set, this means that the security labels for this process and file have been verified on an earlier read operation and the labels raised, if necessary. The safe state of the bit implies that no further system operation has taken place since that time to invalidate the earlier verification. Thus, if the SAFE-TO-READ bit is set, the algorithm merely exits at 302 and other portions of the operating system, not shown, perform the read operation.
If the SAFE-TO-READ bit is not set at step 300, then the process and file security labels are verified. Step 304 determines if the label of the file in question is dominated by the label of the process requesting a read. If so, a read of the file by the process is permitted without any further ado. In this case, the SAFE-TO-READ bit is set at step 310 and exit is made at 312 to perform the read operation.
At step 304, if the security label of the process does not dominate that of the file, then step 306 raises the label of the process by an appropriate amount. In this illustrative embodiment, raising of the process label is performed by logically ORing the present process label with the present file label. Next, at step 308, the operating system searches for and determines all file descriptors (d) that are associated with the present process (p). Step 308 then clears all the SAFE-TO-WRITE bits associated with the found file descriptors. This is necessary since the raising of the security label of the process has rendered future write operations by this process unsafe without reverification. After these operations have been performed, step 310 sets the SAFE-TO-READ bit for this particular file descriptor and exit is made at 312.
In FIG. 4, when a write operation is requested by a process, step 400 interrogates the SAFE-TO-WRITE bit associated with the file descriptor in question. If the SAFE-TO-WRITE bit is set, this means that the security labels for this process and file have been verified on an earlier write operation and the labels raised, if necessary. The safe state of the bit implies that no further system operation has taken place since that time to invalidate the earlier verification. Thus, if the SAFE-TO-WRITE bit is set, the algorithm merely exits at 402 and other portions of the operating system, not shown, perform the write operation.
If the SAFE-TO-WRITE bit is not set at step 400, then the process and file security labels are verified. Step 404 determines if the label of the file in question dominates the label of the process requesting a write. If so, a write of the file by the process is permitted without any further ado. In this case, the SAFE-TO-WRITE bit is set at step 414 and exit is made at 416 to perform the write operation.
Recall that write operations are subject to a special consideration, namely, that writes to an external medium are not permitted by merely raising the security label of the file associated with the medium. Rather, the security labels of such external media are frozen at their assigned states. Therefore, at step 404, if the security label of the file does not dominate that of the process, then step 406 determines if the file security label is frozen. If the label is frozen, the write operation is denied by performing an error return to the operating system at 408. If the file security label is not frozen, step 410 raises the label of the file by an appropriate amount. In this illustrative embodiment, raising of the file label is performed by logically ORing the present file label with the present process label. Next, at step 412, the operating system searches for and determines all file descriptors (d) that are associated with the present file (f). Step 412 then clears all the SAFE-TO-READ bits associated with the found file descriptors. Clearing of the SAFE-TO-READ bits is necessary since the raising of the security label of the file has rendered all future read operations of this file unsafe without reverification. After these operations have been performed, step 414 sets the SAFE-TO-WRITE bit for this particular file descriptor and exit is made at 416 to perform the instant write operation.
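The read and write checks of FIG. 3 and FIG. 4, together with the NEWFILE/OLDFILE walk-through earlier in the description, as an added C model. This is not code from the patent or from any UNIX kernel: the function names (sys_open, sys_read, sys_write, run_scenario), the in-memory file, process and descriptor tables, and the 8-bit label layout (three thermometer-coded level bits followed by country compartments A and B, so that bitwise OR is the label union and a superset test is "dominates") are assumptions chosen to match the notation of the description. The terminal's label in the scenario is a constructed value.

```c
/* Added example (not from the patent): user-space model of FIG. 3 / FIG. 4.
 * Names, table sizes and the 8-bit label layout are assumptions for this
 * illustration, not a real kernel API. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_FILES 8
#define MAX_PROCS 4
#define MAX_FDS   16
/* Label bits follow the patent's "011 00..." notation: bits 7..5 hold the level
 * as a thermometer code (001 = confidential, 011 = secret), so bitwise OR is the
 * least upper bound; bit 4 is country compartment A, bit 3 country B. */
typedef uint8_t label_t;
#define LVL_CONFIDENTIAL 0x20u   /* 001 00000 */
#define LVL_SECRET       0x60u   /* 011 00000 */
#define CAT_A            0x10u   /* 000 10000 */
struct file  { label_t label; bool frozen; };   /* FROZEN: label may not be raised */
struct proc  { label_t label; };
struct fdesc { int p, f; bool in_use, safe_to_read, safe_to_write; };
static struct file  files[MAX_FILES];
static struct proc  procs[MAX_PROCS];
static struct fdesc fds[MAX_FDS];
/* a dominates b when every bit set in b is also set in a. */
bool dominates(label_t a, label_t b) { return (a & b) == b; }
void reset_system(void) {
    memset(files, 0, sizeof files);
    memset(procs, 0, sizeof procs);
    memset(fds, 0, sizeof fds);
}
label_t proc_label(int p)       { return procs[p].label; }
label_t file_label(int f)       { return files[f].label; }
bool    fd_safe_to_read(int d)  { return fds[d].safe_to_read; }
bool    fd_safe_to_write(int d) { return fds[d].safe_to_write; }
/* Bind process p to file f; a fresh descriptor has both SAFE bits clear. */
int sys_open(int p, int f) {
    for (int d = 0; d < MAX_FDS; d++)
        if (!fds[d].in_use) {
            fds[d] = (struct fdesc){ .p = p, .f = f, .in_use = true };
            return d;
        }
    return -1;
}
/* FIG. 3: a read is never refused; the process label floats up instead. */
int sys_read(int d) {
    struct fdesc *fd = &fds[d];
    if (fd->safe_to_read) return 0;                          /* 300 -> 302 */
    struct proc *p = &procs[fd->p];
    struct file *f = &files[fd->f];
    if (!dominates(p->label, f->label)) {                    /* 304 */
        p->label |= f->label;                                /* 306 */
        for (int i = 0; i < MAX_FDS; i++)                    /* 308 */
            if (fds[i].in_use && fds[i].p == fd->p) fds[i].safe_to_write = false;
    }
    fd->safe_to_read = true;                                 /* 310 -> 312 */
    return 0;
}
/* FIG. 4: returns 0 if the write may proceed, -1 if refused (frozen label). */
int sys_write(int d) {
    struct fdesc *fd = &fds[d];
    if (fd->safe_to_write) return 0;                         /* 400 -> 402 */
    struct proc *p = &procs[fd->p];
    struct file *f = &files[fd->f];
    if (!dominates(f->label, p->label)) {                    /* 404 */
        if (f->frozen) return -1;                            /* 406 -> 408 */
        f->label |= p->label;                                /* 410 */
        for (int i = 0; i < MAX_FDS; i++)                    /* 412 */
            if (fds[i].in_use && fds[i].f == fd->f) fds[i].safe_to_read = false;
    }
    fd->safe_to_write = true;                                /* 414 -> 416 */
    return 0;
}
/* The description's walk-through: a secret process creates NEWFILE, reads
 * OLDFILE (confidential, country A), then writes to a frozen terminal file.
 * Descriptors come out as 0 (NEWFILE), 1 (OLDFILE), 2 (terminal). Returns the
 * final process label; *term_rc receives the result of the terminal write. */
label_t run_scenario(int *term_rc) {
    enum { P = 0, NEWFILE = 0, OLDFILE = 1, TERMINAL = 2 };
    reset_system();
    procs[P].label         = LVL_SECRET;                /* 011 00... */
    files[OLDFILE].label   = LVL_CONFIDENTIAL | CAT_A;  /* 001 10... */
    files[TERMINAL].label  = LVL_CONFIDENTIAL;          /* constructed: terminal cleared to confidential only */
    files[TERMINAL].frozen = true;                      /* external medium */
    int dn = sys_open(P, NEWFILE), dold = sys_open(P, OLDFILE), dt = sys_open(P, TERMINAL);
    sys_write(dn);            /* NEWFILE raised 000 00... -> 011 00... */
    sys_read(dold);           /* process raised to 011 10...; P's SAFE-TO-WRITE bits cleared */
    *term_rc = sys_write(dt); /* -1: terminal label is frozen and does not dominate */
    return procs[P].label;
}
int main(void) {
    int rc;
    label_t l = run_scenario(&rc);
    printf("process label 0x%02x (011 10...), terminal write %s\n", l, rc ? "denied" : "permitted");
    return 0;
}
```

The part worth tracing is the invalidation: after sys_read on OLDFILE raises the process label, the SAFE-TO-WRITE bit on the NEWFILE descriptor is cleared (step 308), so the next write to NEWFILE re-runs the comparison at step 404 and raises NEWFILE's label to 011 10... rather than leaking a secret/country-A process's output into a file still labeled 011 00.... The terminal descriptor never gets its SAFE-TO-WRITE bit set because the write is refused at step 408, so every later attempt is re-checked.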
It is to be understood that the above described arrangements are merely illustrative of the application of principles of the invention and that other arrangements may be devised by workers skilled in the art without departing from the spirit and scope of the invention.

Claims (13)

We claim:
1. A method of administering secure access to files of a computer system in which at least two different security levels are used to limit access to files and processes, comprising:
(a) associating a first security label defining one of said security levels with a file,
(b) associating a second security label defining one of said security levels with a process,
(c) comparing the first security label to the second security label in response to an attempt by the process to write the file,
(d) dynamically raising the security level of the file if the security level of the file does not dominate the security level of the process, characterized by,
(e) setting an indicator associated with this process and with this file to a first state representing that the process may subsequently write the file before performing step (c),
(f) setting an indicator associated with every other process that is presently capable of processing this file to a second state representing that the file may not be read by other processes if the security label is changed in step (d), and
(g) omitting steps (c) through (f) on subsequent write attempts of the file by a process when the indicator associated with the process-file pair is set to the first state.
2. The method of claim 1 further comprising the step of associating with the security labels of predefined files a status unalterable by the method, whereby the security label of such files cannot be altered in response to an attempted write operation.
3. The method of claim 2 wherein an attempt to write a file having said unalterable status and in which the security level of the process dominates that of the file is denied.
4. The method of claim 3 wherein such predefined files represent media external to the system.
5. The method of claim 4 wherein such media comprise access ports to the system.
6. The method of claim 5 wherein such access ports to the system comprise terminals, disk drives and tape drives.
7. The method of claim 1 wherein the indicator for a file-process pair further comprises a SAFE-TO-READ indicator and a SAFE-TO-WRITE indicator.
8. A method of administering secure access to files of a computer system in which at least two different security levels are used to limit access to files and processes, comprising:
(a) associating a first security label defining one of said security levels with a file,
(b) associating a second security label defining one of said security levels with a process,
(c) comparing the first security label to the second security label in response to an attempt by the process to read the file,
(d) dynamically raising the security level of the process if the security level of the process does not dominate the security level of the file, characterized by
(e) setting an indicator associated with this process and with this file to a first state representing that the file may subsequently be read by the process before performing step (c),
(f) setting an indicator associated with every other process that is presently capable of accessing this file to a second state representing that the file may not be written by the other processes if the security label is changed in step (d), and
(g) omitting steps (c) through (f) on subsequent read attempts of the file by a process when the indicator associated with the process-file pair is set to the first state.
9. The method of claim 8 further comprising the step of associating with the security level of predefined files a status unalterable by the method, whereby the security label of such files cannot be altered in response to an attempted read operation.
10. A method of administering secure access to files of a computer system in which at least two different security levels are used to limit access to files and processes, comprising:
(a) associating a first security label defining one of said levels with a file,
(b) associating a second security label defining one of said levels with a process adapted to write the file,
(c) associating a third security label defining one of said levels with a process adapted to read the file,
(d) responsive to an attempt by the write process to write the file, comparing the first and second security labels,
(e) if the first security label identifies a more rigorous security level than the second security label, setting a first indicator, jointly associated with the file and the write process, to a state which indicates the write process may subsequently write the file,
(f) if the first security label does not identify a more rigorous security level than the second security label, changing the first security label so that it identifies a security level at least as rigorous as the second security label; setting said first indicator, jointly associated with the file and the write process, to a state which indicates the write process may subsequently write the file; and setting a second indicator, jointly associated with the file and the read process, to a state which indicates that the read process may not subsequently read the file without comparing the first and third security labels respectively associated with the file and the read process,
(g) omitting steps (d) through (g) on subsequent attempts by the write process to write the file when said first indicator is set to the state which indicates that the write process may subsequently write the file.
11. A method of administering secure access to files of a computer system in which at least two different security levels are used to limit access to files and processes, comprising:
(a) associating a first security label defining one of said levels with a file,
(b) associating a second security label defining one of said levels with a process adapted to write the file,
(c) associating a third security label defining one of said levels with a process adapted to read the file,
(d) responsive to an attempt by the read process to read the file, comparing the first and third security labels,
(e) if the third security label identifies a more rigorous security level than the first security label, setting a first indicator, jointly associated with the file and the read process, to a state which indicates the read process may subsequently read the file,
(f) if the third security label does not identify a more rigorous security level than the first security label, changing the third security label so that it identifies a security level at least as rigorous as the first security label; setting said first indicator, jointly associated with the file and the read process, to a state which indicates the read process may subsequently read the file; and setting a second indicator, jointly associated with the file and the write process, to a state which indicates that the write process may not subsequently write the file without comparing the first and second security labels respectively associated with the file and the write process,
(g) omitting steps (d) through (g) on subsequent attempts by the read process to read the file when said first indicator is set to the state which indicates that the read process may subsequently read the file.
12. The method of administering secure access to files in a computer system in which at least two different security levels are used to limit access to files and processes, comprising:
(a) associating a security level with a file,
(b) associating a security level with a process,
(c) initially setting a security indicator jointly associated with the file and the process to a first or a second state,
(d) when the process attempts to read or write the file, determining the state of said security indicator,
(e) allowing the attempt to succeed if said indicator is in the first state,
(f) if said indicator is in the second state, comparing the security level of the process with the security level of the file,
(g) allowing the attempt to succeed where the security levels of the process and the file meet predetermined criteria, and setting said indicator to the first state,
(h) where the security levels do not meet the predefined criteria, allowing the attempt to succeed, setting said indicator to the first state, and setting other security indicators jointly associated with the file and other of said processes to the second state.
13. The method of claim 12 further comprising the step of assigning the file a critical status indication and inhibiting the completion of the attempt in step (h) responsive thereto.
US07/277,630 1988-11-30 1988-11-30 Secure file handling in a computer operating system Expired - Lifetime US4984272A (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US07/277,630 US4984272A (en) 1988-11-30 1988-11-30 Secure file handling in a computer operating system
CA002001863A CA2001863C (en) 1988-11-30 1989-10-31 Secure file handling in a computer operating system
EP89312048A EP0371673B1 (en) 1988-11-30 1989-11-21 Secure file handling in a computer operating system
JP1309440A JP2603344B2 (en) 1988-11-30 1989-11-30 How to manage sensitive access to files on computer systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US07/277,630 US4984272A (en) 1988-11-30 1988-11-30 Secure file handling in a computer operating system

Publications (1)

Publication Number Publication Date
US4984272A true US4984272A (en) 1991-01-08

Family

ID=23061714

Family Applications (1)

Application Number Title Priority Date Filing Date
US07/277,630 Expired - Lifetime US4984272A (en) 1988-11-30 1988-11-30 Secure file handling in a computer operating system

Country Status (4)

Country Link
US (1) US4984272A (en)
EP (1) EP0371673B1 (en)
JP (1) JP2603344B2 (en)
CA (1) CA2001863C (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4858117A (en) * 1987-08-07 1989-08-15 Bull Hn Information Systems Inc. Apparatus and method for preventing computer access by unauthorized personnel
US4864616A (en) * 1987-10-15 1989-09-05 Micronyx, Inc. Cryptographic labeling of electronically stored data
US4885789A (en) * 1988-02-01 1989-12-05 International Business Machines Corporation Remote trusted path mechanism for telnet
US4918653A (en) * 1988-01-28 1990-04-17 International Business Machines Corporation Trusted path mechanism for an operating system
US4926476A (en) * 1989-02-03 1990-05-15 Motorola, Inc. Method and apparatus for secure execution of untrusted software


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Cryptography and Data Security, D. Denning, Addison-Wesley, 1982, Chapter 4, pp. 191-258, 287.

US6104561A (en) * 1995-03-10 2000-08-15 Iomega Corporation Read/write protect scheme for a disk cartridge and drive
US5949601A (en) * 1995-03-10 1999-09-07 Iomega Corporation Read/write protect scheme for a disk cartridge and drive
US6724554B1 (en) 1995-03-10 2004-04-20 Iomega Corporation Read/write protect scheme for a disk cartridge and drive
US6055634A (en) * 1995-03-14 2000-04-25 Gec-Marconi Limited Secure internal communication system
US6011847A (en) * 1995-06-01 2000-01-04 Follendore, Iii; Roy D. Cryptographic access and labeling system
USRE44131E1 (en) 1995-06-02 2013-04-02 Fujitsu Limited Storage device having function for coping with computer virus
US5999622A (en) * 1995-11-22 1999-12-07 Microsoft Corporation Method and apparatus for protecting widely distributed digital information
US5692124A (en) * 1996-08-30 1997-11-25 Itt Industries, Inc. Support of limited write downs through trustworthy predictions in multilevel security of computer network communications
US6087955A (en) * 1996-11-07 2000-07-11 Litronic, Inc. Apparatus and method for providing an authentication system
US5844497A (en) * 1996-11-07 1998-12-01 Litronic, Inc. Apparatus and method for providing an authentication system
US6367017B1 (en) 1996-11-07 2002-04-02 Litronic Inc. Apparatus and method for providing and authentication system
US6268788B1 (en) 1996-11-07 2001-07-31 Litronic Inc. Apparatus and method for providing an authentication system based on biometrics
US5920570A (en) * 1996-11-26 1999-07-06 Lucent Technologies Inc. Reliable multi-cast queue
US8712046B2 (en) 1997-02-13 2014-04-29 Tecsec Inc. Cryptographic key split combiner
US6105132A (en) * 1997-02-20 2000-08-15 Novell, Inc. Computer network graded authentication system and method
US5937159A (en) * 1997-03-28 1999-08-10 Data General Corporation Secure computer system
US6212636B1 (en) 1997-05-01 2001-04-03 Itt Manufacturing Enterprises Method for establishing trust in a computer network via association
US20020184511A1 (en) * 1997-05-08 2002-12-05 Kolouch James L. Secure accounting and operational control reporting system
US6694433B1 (en) 1997-05-08 2004-02-17 Tecsec, Inc. XML encryption scheme
US6192408B1 (en) * 1997-09-26 2001-02-20 Emc Corporation Network file server sharing local caches of file access information in data processors assigned to respective file systems
US7293097B2 (en) 1997-12-05 2007-11-06 Network Appliance, Inc. Enforcing uniform file-locking for diverse file-locking protocols
US20030065796A1 (en) * 1997-12-05 2003-04-03 Network Appliance, Inc. Enforcing uniform file-locking for diverse file-locking protocols
US6516351B2 (en) 1997-12-05 2003-02-04 Network Appliance, Inc. Enforcing uniform file-locking for diverse file-locking protocols
US20040208316A1 (en) * 1998-02-13 2004-10-21 Wack C. Jay Cryptographic key split binder for use with tagged data elements
US20110116628A1 (en) * 1998-02-13 2011-05-19 Tecsec, Inc. Cryptographic key split binder for use with tagged data elements
US7095852B2 (en) 1998-02-13 2006-08-22 Tecsec, Inc. Cryptographic key split binder for use with tagged data elements
US7079653B2 (en) 1998-02-13 2006-07-18 Tecsec, Inc. Cryptographic key split binding process and apparatus
US20030039358A1 (en) * 1998-02-13 2003-02-27 Scheidt Edward M. Cryptographic key split binding process and apparatus
US8077870B2 (en) 1998-02-13 2011-12-13 Tecsec, Inc. Cryptographic key split binder for use with tagged data elements
US6457130B2 (en) * 1998-03-03 2002-09-24 Network Appliance, Inc. File access control in a multi-protocol file server
US20020019936A1 (en) * 1998-03-03 2002-02-14 David Hitz File access control in a multi-protocol file server
US6317844B1 (en) 1998-03-10 2001-11-13 Network Appliance, Inc. File server storage arrangement
US6279011B1 (en) 1998-06-19 2001-08-21 Network Appliance, Inc. Backup and restore for heterogeneous file server environment
US6604118B2 (en) 1998-07-31 2003-08-05 Network Appliance, Inc. File system image transfer
US6574591B1 (en) 1998-07-31 2003-06-03 Network Appliance, Inc. File systems image transfer between dissimilar file systems
US6119244A (en) * 1998-08-25 2000-09-12 Network Appliance, Inc. Coordinating persistent status information with multiple file servers
US6871277B1 (en) * 1998-10-20 2005-03-22 Canon Kabushiki Kaisha Apparatus and method for preventing disclosure of protected information
US6073106A (en) * 1998-10-30 2000-06-06 Nehdc, Inc. Method of managing and controlling access to personal information
US6468150B1 (en) 1998-11-30 2002-10-22 Network Appliance, Inc. Laminar flow duct cooling system
US6343984B1 (en) 1998-11-30 2002-02-05 Network Appliance, Inc. Laminar flow duct cooling system
US7836249B2 (en) 1999-02-02 2010-11-16 Hitachi, Ltd. Disk subsystem
US7032062B2 (en) 1999-02-02 2006-04-18 Hitachi, Ltd. Disk subsystem
US20050027919A1 (en) * 1999-02-02 2005-02-03 Kazuhisa Aruga Disk subsystem
US8554979B2 (en) 1999-02-02 2013-10-08 Hitachi, Ltd. Disk subsystem
US8949503B2 (en) 1999-02-02 2015-02-03 Hitachi, Ltd. Disk subsystem
US8234437B2 (en) 1999-02-02 2012-07-31 Hitachi, Ltd. Disk subsystem
US20070219991A1 (en) * 1999-02-22 2007-09-20 David Guthrie System and method for delivering targeted data to a subscriber base via a computer network
US20070192618A1 (en) * 1999-07-02 2007-08-16 Kimberly Ellmore System and method for single sign on process for websites with multiple applications and services
US7966496B2 (en) 1999-07-02 2011-06-21 Jpmorgan Chase Bank, N.A. System and method for single sign on process for websites with multiple applications and services
US8590008B1 (en) 1999-07-02 2013-11-19 Jpmorgan Chase Bank, N.A. System and method for single sign on process for websites with multiple applications and services
US6961749B1 (en) 1999-08-25 2005-11-01 Network Appliance, Inc. Scalable file server with highly available pairs
US7302698B1 (en) 1999-09-17 2007-11-27 Hewlett-Packard Development Company, L.P. Operation of trusted state in computing platform
US7043553B2 (en) * 1999-10-07 2006-05-09 Cisco Technology, Inc. Method and apparatus for securing information access
US20030050962A1 (en) * 1999-10-07 2003-03-13 Robert Charles Monsen Method and apparatus for securing information access
US7877492B2 (en) 1999-10-12 2011-01-25 Webmd Corporation System and method for delegating a user authentication process for a networked application to an authentication agent
US7519905B2 (en) 1999-10-12 2009-04-14 Webmd Corp. Automatic formatting and validating of text for a markup language graphical user interface
US7305475B2 (en) 1999-10-12 2007-12-04 Webmd Health System and method for enabling a client application to operate offline from a server
US20040039993A1 (en) * 1999-10-12 2004-02-26 Panagiotis Kougiouris Automatic formatting and validating of text for a markup language graphical user interface
US20040168090A1 (en) * 1999-10-12 2004-08-26 Webmd Corp. System and method for delegating a user authentication process for a networked application to an authentication agent
US20040034833A1 (en) * 1999-11-12 2004-02-19 Panagiotis Kougiouris Dynamic interaction manager for markup language graphical user interface
US20050028171A1 (en) * 1999-11-12 2005-02-03 Panagiotis Kougiouris System and method enabling multiple processes to efficiently log events
US7725331B2 (en) 1999-12-01 2010-05-25 Webmd Corporation System and method for implementing a global master patient index
US20050004895A1 (en) * 1999-12-01 2005-01-06 Webmd Corp. System and method for implementing a global master patient index
US6883120B1 (en) 1999-12-03 2005-04-19 Network Appliance, Inc. Computer assisted automatic error detection and diagnosis of file servers
US6715034B1 (en) 1999-12-13 2004-03-30 Network Appliance, Inc. Switching file system request in a mass storage system
US20040034686A1 (en) * 2000-02-22 2004-02-19 David Guthrie System and method for delivering targeted data to a subscriber base via a computer network
US20040044548A1 (en) * 2000-02-24 2004-03-04 Marshall Philip D. Personalized health history system with accommodation for consumer health terminology
US8712792B2 (en) 2000-02-24 2014-04-29 Webmd, Llc Personalized health communication system
US8775197B2 (en) 2000-02-24 2014-07-08 Webmd, Llc Personalized health history system with accommodation for consumer health terminology
US20040019505A1 (en) * 2000-02-24 2004-01-29 Bowman Bradley R. Personalized health communication system
US8612245B2 (en) 2000-02-24 2013-12-17 Webmd Llc Personalized health history system with accommodation for consumer health terminology
US20060004607A1 (en) * 2000-02-24 2006-01-05 Philip Marshall Personalized health history system with accommodation for consumer health terminology
US20060106703A1 (en) * 2000-11-02 2006-05-18 First Usa Bank, Na System and method for aggregate portfolio client support
US9633206B2 (en) 2000-11-28 2017-04-25 Hewlett-Packard Development Company, L.P. Demonstrating integrity of a compartment of a compartmented operating system
US20020194493A1 (en) * 2000-11-28 2002-12-19 Hewlett-Packard Company Demonstrating integrity of a compartment of a compartmented operating system
US20020095591A1 (en) * 2001-01-12 2002-07-18 Daniell William T. System and method for protecting a security profile of a computer system
US7065644B2 (en) * 2001-01-12 2006-06-20 Hewlett-Packard Development Company, L.P. System and method for protecting a security profile of a computer system
US20030145235A1 (en) * 2001-01-31 2003-07-31 Choo Tse Huong Network adapter management
US20030172109A1 (en) * 2001-01-31 2003-09-11 Dalton Christoper I. Trusted operating system
US20030149895A1 (en) * 2001-01-31 2003-08-07 Choo Tse Huong Trusted gateway system
US8218765B2 (en) 2001-02-23 2012-07-10 Hewlett-Packard Development Company, L.P. Information system
US8219496B2 (en) 2001-02-23 2012-07-10 Hewlett-Packard Development Company, L.P. Method of and apparatus for ascertaining the status of a data processing environment
US20020120575A1 (en) * 2001-02-23 2002-08-29 Hewlett-Packard Company Method of and apparatus for ascertaining the status of a data processing environment
US10380374B2 (en) 2001-04-20 2019-08-13 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US8849716B1 (en) 2001-04-20 2014-09-30 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US8160960B1 (en) 2001-06-07 2012-04-17 Jpmorgan Chase Bank, N.A. System and method for rapid updating of credit information
US20020194496A1 (en) * 2001-06-19 2002-12-19 Jonathan Griffin Multiple trusted computing environments
US20020194132A1 (en) * 2001-06-19 2002-12-19 Hewlett-Packard Company Renting a computing environment on a trusted computing platform
US20020194086A1 (en) * 2001-06-19 2002-12-19 Hewlett-Packard Company Interaction with electronic services and markets
US7865876B2 (en) 2001-06-19 2011-01-04 Hewlett-Packard Development Company, L.P. Multiple trusted computing environments
US7962950B2 (en) * 2001-06-29 2011-06-14 Hewlett-Packard Development Company, L.P. System and method for file system mandatory access control
US20030009685A1 (en) * 2001-06-29 2003-01-09 Tse-Huong Choo System and method for file system mandatory access control
US8474021B2 (en) * 2001-06-29 2013-06-25 Secure Systems Limited Security system and method for computers
US20050091522A1 (en) * 2001-06-29 2005-04-28 Hearn Michael A. Security system and method for computers
US8185940B2 (en) 2001-07-12 2012-05-22 Jpmorgan Chase Bank, N.A. System and method for providing discriminated content to network users
US20080016180A1 (en) * 2001-07-12 2008-01-17 Jpmorganchase Bank, N.A. System And Method For Providing Discriminated Content to Network Users
US20030041250A1 (en) * 2001-07-27 2003-02-27 Proudler Graeme John Privacy of data on a computer platform
US20030226031A1 (en) * 2001-11-22 2003-12-04 Proudler Graeme John Apparatus and method for creating a trusted environment
US7376974B2 (en) 2001-11-22 2008-05-20 Hewlett-Packard Development Company, L.P. Apparatus and method for creating a trusted environment
US7987501B2 (en) 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US20030105981A1 (en) * 2001-12-04 2003-06-05 Miller Lawrence R. System and method for single session sign-on
US8707410B2 (en) 2001-12-04 2014-04-22 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US20050078995A1 (en) * 2001-12-21 2005-04-14 Bever Mario Van Label printer
US7318238B2 (en) * 2002-01-14 2008-01-08 Microsoft Corporation Security settings for markup language elements
US20030135504A1 (en) * 2002-01-14 2003-07-17 Ferhan Elvanoglu Security settings for markup language elements
US20050055581A1 (en) * 2002-02-01 2005-03-10 Larsen Vincent Alan Financial transaction server with process-based security
US20040158734A1 (en) * 2002-02-01 2004-08-12 Larsen Vincent Alan System and method for process-based security in a portable electronic device
US20030154397A1 (en) * 2002-02-01 2003-08-14 Larsen Vincent Alan Method and apparatus for implementing process-based security in a computer system
US20040230836A1 (en) * 2002-02-01 2004-11-18 Larsen Vincent Alan Hardware implementation of process-based security protocol
US20040128510A1 (en) * 2002-02-01 2004-07-01 Larsen Vincent Alan Key exchange for a process-based security system
US7249379B2 (en) 2002-02-01 2007-07-24 Systems Advisory Group Enterprises, Inc. Method and apparatus for implementing process-based security in a computer system
US20040107354A1 (en) * 2002-02-01 2004-06-03 Larsen Vincent Alan Auto-rebuild using flash memory for a process based security system
US20050044381A1 (en) * 2002-02-01 2005-02-24 Larsen Vincent Alan System & method of table building for a process-based security system using intrusion detection
US20040103096A1 (en) * 2002-02-01 2004-05-27 Larsen Vincent Alan Multi-user process based security system and method
US20040128505A1 (en) * 2002-02-01 2004-07-01 Larsen Vincent Alan Secure file transfer in a process based security system
US20040093525A1 (en) * 2002-02-01 2004-05-13 Larnen Vincent Alan Process based security tai building
US20040243845A1 (en) * 2002-02-01 2004-12-02 Larsen Vincent Alan System and method for process-based security in a network device
US10726417B1 (en) 2002-03-25 2020-07-28 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
US20030226014A1 (en) * 2002-05-31 2003-12-04 Schmidt Rodney W. Trusted client utilizing security kernel under secure execution mode
US7134022B2 (en) * 2002-07-16 2006-11-07 Flyntz Terence T Multi-level and multi-category data labeling system
US20040015701A1 (en) * 2002-07-16 2004-01-22 Flyntz Terence T. Multi-level and multi-category data labeling system
US7756816B2 (en) 2002-10-02 2010-07-13 Jpmorgan Chase Bank, N.A. System and method for network-based project management
US8301493B2 (en) 2002-11-05 2012-10-30 Jpmorgan Chase Bank, N.A. System and method for providing incentives to consumers to share information
US20040088219A1 (en) * 2002-11-05 2004-05-06 First Usa Bank, N.A. System and method for providing incentives to consumers to share information
US20100242118A1 (en) * 2003-01-30 2010-09-23 Satoru Tanaka Security management device and security management method
US20100211778A1 (en) * 2003-01-30 2010-08-19 Satoru Tanaka Security management device and security management method
US20040152851A1 (en) * 2003-01-31 2004-08-05 Weiqing Weng Polymerization process
US8566352B2 (en) * 2003-03-04 2013-10-22 International Business Machines Corporation Methods, systems and program products for classifying and storing a data handling method and for associating a data handling method with a data item
US20080046451A1 (en) * 2003-03-04 2008-02-21 Haase William T Methods, systems and program products for classifying and storing a data handling method and for associating a data handling method with a data item
US20080189710A1 (en) * 2003-04-30 2008-08-07 International Business Machines Corporation Method and System for Optimizing File Table Usage
US20080163243A1 (en) * 2003-04-30 2008-07-03 Kalmuk David C Method and system for optimizing file table usage
US7373647B2 (en) * 2003-04-30 2008-05-13 International Business Machines Corporation Method and system for optimizing file table usage
US7844974B2 (en) 2003-04-30 2010-11-30 International Business Machines Corporation Method and system for optimizing file table usage
US7934220B2 (en) 2003-04-30 2011-04-26 International Business Machines Corporation Method and system for optimizing file table usage
US20040221294A1 (en) * 2003-04-30 2004-11-04 International Business Machines Corporation Method and system for optimizing file table usage
US20040268139A1 (en) * 2003-06-25 2004-12-30 Microsoft Corporation Systems and methods for declarative client input security screening
US7669239B2 (en) * 2003-09-15 2010-02-23 Jpmorgan Chase Bank, N.A. Secure network system and associated method of use
US20050060579A1 (en) * 2003-09-15 2005-03-17 Anexsys, L.L.C. Secure network system and associated method of use
US7802294B2 (en) 2005-01-28 2010-09-21 Microsoft Corporation Controlling computer applications' access to data
US7810153B2 (en) * 2005-01-28 2010-10-05 Microsoft Corporation Controlling execution of computer applications
US20070186112A1 (en) * 2005-01-28 2007-08-09 Microsoft Corporation Controlling execution of computer applications
US8296162B1 (en) 2005-02-01 2012-10-23 Webmd Llc. Systems, devices, and methods for providing healthcare information
US8694336B1 (en) 2005-02-01 2014-04-08 Webmd, Llc Systems, devices, and methods for providing healthcare information
US7650501B1 (en) * 2005-02-15 2010-01-19 Sun Microsystems, Inc. System and methods for construction, fusion, prosecution, and maintenance of minimized operating environments
US8539587B2 (en) 2005-03-22 2013-09-17 Hewlett-Packard Development Company, L.P. Methods, devices and data structures for trusted data
US20060277218A1 (en) * 2005-06-03 2006-12-07 Microsoft Corporation Running internet applications with low rights
US8078740B2 (en) 2005-06-03 2011-12-13 Microsoft Corporation Running internet applications with low rights
US20130086678A1 (en) * 2006-06-20 2013-04-04 Microsoft Corporation Integrating security protection tools with computer device integrity and privacy policy
US8489878B2 (en) 2006-06-23 2013-07-16 Microsoft Corporation Communication across domains
US8185737B2 (en) 2006-06-23 2012-05-22 Microsoft Corporation Communication across domains
US8335929B2 (en) 2006-06-23 2012-12-18 Microsoft Corporation Communication across domains
US20070300064A1 (en) * 2006-06-23 2007-12-27 Microsoft Corporation Communication across domains
US8127133B2 (en) 2007-01-25 2012-02-28 Microsoft Corporation Labeling of data objects to apply and enforce policies
US20080184329A1 (en) * 2007-01-25 2008-07-31 Microsoft Corporation Labeling of data objects to apply and enforce policies
US20080215367A1 (en) * 2007-02-02 2008-09-04 Webmd Health Personalized Health Records with Associative Relationships
US8380530B2 (en) 2007-02-02 2013-02-19 Webmd Llc. Personalized health records with associative relationships
US8756077B2 (en) 2007-02-02 2014-06-17 Webmd, Llc Personalized health records with associative relationships
US20100180339A1 (en) * 2007-05-18 2010-07-15 Secure Keys Pty Limited Security token and system and method for generating and decoding the security token
US8752207B2 (en) * 2007-05-18 2014-06-10 Secure Keys Pty Limited Security token and system and method for generating and decoding the security token
US20080313648A1 (en) * 2007-06-14 2008-12-18 Microsoft Corporation Protection and communication abstractions for web browsers
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US9594901B2 (en) 2008-12-02 2017-03-14 At&T Intellectual Property I, L.P. Methods, systems, and products for secure access to file system structures
US20100138922A1 (en) * 2008-12-02 2010-06-03 Arthur Zaifman Methods, Systems, and Products for Secure Access to File System Structures
US8930324B2 (en) * 2012-06-15 2015-01-06 Russell A. Blaine Guarded file descriptors
US20130339313A1 (en) * 2012-06-15 2013-12-19 Apple Inc. Guarded file descriptors
US10586076B2 (en) * 2015-08-24 2020-03-10 Acronis International Gmbh System and method for controlling access to OS resources
US9674202B1 (en) 2015-12-29 2017-06-06 Imperva, Inc. Techniques for preventing large-scale data breaches utilizing differentiated protection layers
US9674201B1 (en) 2015-12-29 2017-06-06 Imperva, Inc. Unobtrusive protection for large-scale data breaches utilizing user-specific data object access budgets
US10382400B2 (en) 2015-12-29 2019-08-13 Imperva, Inc. Techniques for preventing large-scale data breaches utilizing differentiated protection layers
US10404712B2 (en) 2015-12-29 2019-09-03 Imperva, Inc. Unobtrusive protection for large-scale data breaches utilizing user-specific data object access budgets

Also Published As

Publication number Publication date
CA2001863C (en) 1995-12-05
EP0371673B1 (en) 1997-08-27
JPH02194450A (en) 1990-08-01
EP0371673A2 (en) 1990-06-06
JP2603344B2 (en) 1997-04-23
CA2001863A1 (en) 1990-05-31
EP0371673A3 (en) 1991-04-03

Similar Documents

Publication Publication Date Title
US4984272A (en) Secure file handling in a computer operating system
US8402269B2 (en) System and method for controlling exit of saved data from security zone
US7536524B2 (en) Method and system for providing restricted access to a storage medium
JP2739029B2 (en) How to control access to data objects
KR910005995B1 (en) Method of protecting system files and data processing system
US9881013B2 (en) Method and system for providing restricted access to a storage medium
US5748744A (en) Secure mass storage system for computers
US8234477B2 (en) Method and system for providing restricted access to a storage medium
McIlroy et al. Multilevel security in the UNIX tradition
KR100450402B1 (en) Access control method by a token with security attributes in computer system
US4701840A (en) Secure data processing system architecture
Karger Limiting the damage potential of discretionary Trojan horses
US20070180257A1 (en) Application-based access control system and method using virtual disk
US20060236104A1 (en) Method and apparatus for encrypting and decrypting data in a database table
Gligor et al. Design and implementation of secure Xenix
US8452740B2 (en) Method and system for security of file input and output of application programs
Friedman The authorization problem in shared files
KR980010772A (en) How to prevent copying of computer software
US20080107261A1 (en) Method for Protecting Confidential Data
KR101227187B1 (en) Output control system and method for the data in the secure zone
EP0407060A2 (en) Method of providing mandatory secrecy and integrity file security in a computer system
US20030033303A1 (en) System and method for restricting access to secured data
WO2004001561A2 (en) Computer encryption systems
Pieprzyk et al. Access Control
JPH0387945A (en) File security control system

Legal Events

Date Code Title Description
AS Assignment

Owner name: AMERICAN TELEPHONE AND TELEGRAPH COMPANY, A CORP.

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNOR:REEDS, JAMES A.;REEL/FRAME:005005/0716

Effective date: 19881130

Owner name: BELL TELEPHONE LABORATORIES, INCORPORATED, A CORP.

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNOR:REEDS, JAMES A.;REEL/FRAME:005005/0716

Effective date: 19881130

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12